[Top][All Lists]

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: lynx-dev Some more security issues in Lynx...

From: dickey
Subject: Re: lynx-dev Some more security issues in Lynx...
Date: Fri, 30 Oct 1998 20:16:23 -0500 (EST)

> > What is snprintf? 
> >  
> > I don't think it is on my older linux systems or my Borland compiler. 
> Its a version of sprintf that allows you set the maximum bytes it will write 
> eg 
>       snprintf(buf, sizeof(buf), "%s-%d-%d:%s", somestring, v1, v2, p); 
> There are free implementations of it around. Basically my side of things is 
> I work for a vendor who ships Lynx, so I need to try and ensure Lynx is as 
> secure as possible. Now Im looking only at Linux libc5 or higher so while 
> snprintf isnt a major standard its ok for me. Im also not sure how I can 
> replace some of the snprintfs I've used with lynx specific code to make 
> things 
> simpler 

painful as it seems, StrAllocCopy etc. are the preferred solution since
snprintf would only make the program not break badly - but wouldn't
preserve information so that it works correctly.  

(snprintf does has its place but I'm not sure there's enough of those in
Lynx to justify adding our own copy for porting purposes)

Thomas E. Dickey

reply via email to

[Prev in Thread] Current Thread [Next in Thread]